research-article

Open access

Verified interoperable implementations of security protocols

Authors:

Karthikeyan Bhargavan,

Cédric Fournet,

Andrew D. Gordon,

Stephen TseAuthors Info & Claims

ACM Transactions on Programming Languages and Systems (TOPLAS), Volume 31, Issue 1

Article No.: 5, Pages 1 - 61

https://doi.org/10.1145/1452044.1452049

Published: 12 December 2008 Publication History

Abstract

We present an architecture and tools for verifying implementations of security protocols. Our implementations can run with both concrete and symbolic implementations of cryptographic algorithms. The concrete implementation is for production and interoperability testing. The symbolic implementation is for debugging and formal verification. We develop our approach for protocols written in F#, a dialect of ML, and verify them by compilation to ProVerif, a resolution-based theorem prover for cryptographic protocols. We establish the correctness of this compilation scheme, and we illustrate our approach with protocols for Web Services security.

References

[1]

Abadi, M. and Fournet, C. 2001. Mobile values, new names, and secure communication. In Proceedings of the 28th ACM Symposium on Principles of Programming Languages (POPL'01). 104--115.

Digital Library

[2]

Abadi, M. and Gordon, A. D. 1999. A calculus for cryptographic protocols: The spi calculus. Inform. Comput. 148, 1--70.

Digital Library

[3]

Abadi, M. and Rogaway, P. 2002. Reconciling two views of cryptography (the computational soundness of formal encryption). J. Cryptol. 15, 2, 103--127.

Digital Library

[4]

Allamigeon, X. and Blanchet, B. 2005. Reconstruction of attacks against cryptographic protocols. In Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW'05). 140--154.

Digital Library

[5]

Apache Software Foundation 2006. Apache WSS4J. Apache Software Foundation. http://ws.apache.org/wss4j/.

[6]

Askarov, A. and Sabelfeld, A. 2005. Security-typed languages for implementation of cryptographic protocols: A case study. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS'05). Lecture Notes in Computer Science, vol. 3679. Springer, 197--221.

Digital Library

[7]

Backes, M., Pfitzmann, B., and Waidner, M. 2003. A composable cryptographic library with nested operations. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS'03). ACM Press, 220--230.

Digital Library

[8]

Berry, G. and Boudol, G. 1990. The chemical abstract machine. In Proceedings of the 17th ACM Symposium on Principles of Programming Languages (POPL'90). 81--94.

Digital Library

[9]

Bhargavan, K., Corin, R., Fournet, C., and Gordon, A. D. 2007c. Secure sessions for Web services. ACM Trans. Inform. Syst. Secur. 10, 2, Article 8.

Digital Library

[10]

Bhargavan, K., Fournet, C., Corin, R., and Zălinescu, E. 2008b. Cryptographically verified implementations for TLS. In Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS'08). 459--468.

Digital Library

[11]

Bhargavan, K., Fournet, C., and Gordon, A. D. 2004b. Verifying policy-based security for Web services. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS'04). 268--277.

Digital Library

[12]

Bhargavan, K., Fournet, C., and Gordon, A. D. 2005. A semantics for Web services authentication. Theor. Comput. Sci. 340, 1, 102--153.

Digital Library

[13]

Bhargavan, K., Fournet, C., and Gordon, A. D. 2006b. Verified reference implementations of WS-Security protocols. In Proceedings of the 3rd International Workshop on Web Services and Formal Methods (WS-FM 2006). Lecture Notes in Computer Science, vol. 4184. Springer, 88--106.

Digital Library

[14]

Bhargavan, K., Fournet, C., Gordon, A. D., and Pucella, R. 2004a. TulaFale: A security tool for Web services. In Proceedings of the International Symposium on Formal Methods for Components and Objects (FMCO'03). Lecture Notes in Computer Science, vol. 3188. Springer, 197--222.

[15]

Bhargavan, K., Fournet, C., Gordon, A. D., and Swamy, N. 2008a. Verified implementations of the Information Card federated identity-management protocol. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08). 123--135.

Digital Library

[16]

Bhargavan, K., Fournet, C., Gordon, A. D., and Tse, S. 2006a. Verified interoperable implementations of security protocols. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW'06). 139--152.

Digital Library

[17]

Bhargavan, K., Fournet, C., Gordon, A. D., and Tse, S. 2007a. Verified interoperable implementations of security protocols. In Software System Reliability and Security. IOS Press, 87--115.

[18]

Bhargavan, K., Fournet, C., Gordon, A. D., and Tse, S. 2007b. Verified interoperable implementations of security protocols. Tech. rep. MSR-TR-2006-46, Microsoft Research.

[19]

Blanchet, B. 2001. An efficient cryptographic protocol verifier based on Prolog rules. In Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW'01). 82--96.

Digital Library

[20]

Blanchet, B. 2007. Computationally sound mechanized proofs of correspondence assertions. In Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF'07). 97--111.

Digital Library

[21]

Blanchet, B., Abadi, M., and Fournet, C. 2005. Automated verification of selected equivalences for security protocols. In Proceedings of the 20th IEEE Symposium on Logic in Computer Science (LICS'05). 331--340.

Digital Library

[22]

Blanchet, B. and Podelski, A. 2005. Verification of cryptographic protocols: Tagging enforces termination. Theor. Comput. Sci. 333, 1-2, 67--90.

Digital Library

[23]

Bodei, C., Buchholtz, M., Degano, P., and Nielson, F. 2003. Automatic validation of protocol narration. In Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW'03). 126--140.

[24]

Dolev, D. and Yao, A. 1983. On the security of public key protocols. IEEE Trans. Inform. Theor. IT--29, 2, 198--208.

Digital Library

[25]

Eastlake, D., Reagle, J., Imamura, T., Dillaway, B., and Simon, E. 2002. XML Encryption Syntax and Processing. W3C. W3C Recommendation.

[26]

Eastlake, D., Reagle, J., Solo, D., Bartel, M., Boyer, J., Fox, B., LaMacchia, B., and Simon, E. 2002. XML-Signature Syntax and Processing. W3C. W3C Recommendation.

[27]

Fournet, C. and Gonthier, G. 2005. A hierarchy of equivalences for asynchronous calculi. J. Logic Algeb. Program. 63, 131--173.

[28]

Galois Connections. 2005. Cryptol Reference Manual. Galois Connections.

[29]

Giambiagi, P. and Dam, M. 2004. On the secure implementation of security protocols. Sci. Comput. Program. 50, 73--99.

Digital Library

[30]

Gordon, A. D. and Pucella, R. 2002. Validating a Web service security abstraction by typing. In Proceedings of the ACM workshop on XML Security. 18--29.

Digital Library

[31]

Goubault-Larrecq, J. and Parrennes, F. 2005. Cryptographic protocol analysis on real C code. In Proceedings of the 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05). Lecture Notes in Computer Science, vol. 3385. Springer, 363--379.

Digital Library

[32]

Guttman, J. D., Herzog, J. C., Ramsdell, J. D., and Sniffen, B. T. 2005. Programming cryptographic protocols. In Proceedings of the Conference Trusted Global Computing (TGC'05). Lecture Notes in Computer Science, vol. 3705. Springer, 116--145.

Digital Library

[33]

IBM Corporation. 2006. IBM WebSphere Application Server. IBM Corporation. http://www.ibm.com/software/websphere/.

[34]

Kleiner, E. and Roscoe, A. W. 2004. Web services security: A preliminary study using Casper and FDR. In Proceedings of the Conference Automated Reasoning for Security Protocol Analysis (ARSPA 04).

[35]

Kleiner, E. and Roscoe, A. W. 2005. On the relationship between Web services security and traditional protocols. In Proceedings of the Conference Mathematical Foundations of Programming Semantics (MFPS).

[36]

Lukell, S., Veldman, C., and Hutchison, A. C. M. 2003. Automated attack analysis and code generation in a multi-dimensional security protocol engineering framework. In Proceedings of the Southern African Telecommunication Networks and Applications Conference (SATNAC).

[37]

Merro, M. and Sangiorgi, D. 1998. On asynchrony in name-passing calculi. In Proceedings of the Conference Automata, Languages and Programming (ICALP'98). Lecture Notes in Computer Science, vol. 1443. Springer, 856--867.

Digital Library

[38]

Microsoft Corporation. 2004. Web Services Enhancements (WSE) 2.0. Microsoft Corporation. http://msdn.microsoft.com/webservices/building/wse/default.aspx.

[39]

Microsoft Corporation. 2005. F&num;. Microsoft Corporation. http://research.microsoft.com/fsharp/.

[40]

Microsoft Corporation. 2006. Windows Communication Foundation (WCF). Microsoft Corporation. http://wcf.netfx3.com/.

[41]

Microsoft Corporation. 2007. FS2PV: A Cryptographic-Protocol Verifier for F&num;. Microsoft Corporation. http://research.microsoft.com/projects/samoa/.

[42]

Milner, R. 1992. Functions as processes. Math. Struct. Comput. Sci. 2, 2, 119--141.

[43]

Milner, R. 1999. Communicating and Mobile Systems: The π-Calculus. CUP.

Digital Library

[44]

Muller, F. and Millen, J. 2001. Cryptographic protocol generation from CAPSL. Tech. rep. SRI-CSL-01-07, SRI.

[45]

Needham, R. and Schroeder, M. 1978. Using encryption for authentication in large networks of computers. Comm. ACM 21, 12, 993--999.

Digital Library

[46]

OASIS 2004. Web Services Security: SOAP Message Security 1.0 (WS-Security 2004). OASIS Standard.

[47]

O'Shea, N. 2006. Elyjah: A security analyzer for Java implementations of communications protocols. Fourth year project report, Computer Science, Division of Informatics, University of Edinburgh.

[48]

Otway, D. and Rees, O. 1987. Efficient and timely mutual authentication. Oper. Syst. Rev. 21, 1, 8--10.

Digital Library

[49]

Perrig, A., Song, D., and Phan, D. 2001. AGVI -- automatic generation, verification, and implementation of security protocols. In Proceedings of the 13th Conference on Computer Aided Verification (CAV). Lecture Notes in Computer Science. Springer, 241--245.

Digital Library

[50]

Pozza, D., Sisto, R., and Durante, L. 2004. Spi2Java: automatic cryptographic protocol Java code generation from spi calculus. In Proceedings of the 18th International Conference on Advanced Information Networking and Applications (AINA 2004). Vol. 1. 400--405.

Digital Library

[51]

Sumii, E. and Pierce, B. C. 2001. Logical relations for encryption. In Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW'01). 256--269.

[52]

Sumii, E. and Pierce, B. C. 2004. A bisimulation for dynamic sealing. In Proceedings of the 31st ACM Symposium on Principles of Programming Languages (POPL'04). 161--172.

Digital Library

[53]

W3C 2003. SOAP Version 1.2. W3C. W3C Recommendation.

[54]

W3C 2004. Web Services Addressing (WS-Addressing). W3C. W3C Member Submission.

[55]

Woo, T. and Lam, S. 1993. A semantic model for authentication protocols. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. 178--194.

Digital Library

Cited By

Klenze TSprenger CBasin D(2023)IsaNetJournal of Computer Security10.3233/JCS-22002131:3(217-259)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.3233/JCS-220021
Arquint LSchwerhoff MMehta VMüller PMeng WJensen CCremers CKirda E(2023)A Generic Methodology for the Modular Verification of Security Protocol ImplementationsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623105(1377-1391)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623105
Nasrabadi FKünnemann RNemati HMeng WJensen CCremers CKirda E(2023)CryptoBap: A Binary Analysis Platform for Cryptographic ProtocolsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623090(1362-1376)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623090
Show More Cited By

Index Terms

Verified interoperable implementations of security protocols

Recommendations

Verified Interoperable Implementations of Security Protocols
CSFW '06: Proceedings of the 19th IEEE workshop on Computer Security Foundations

We present an architecture and tools for verifying implementations of security protocols. Our implementations can run with both concrete and symbolic implementations of cryptographic algorithms. The concrete implementation is for production and ...
Formal Verification of Security Protocols: ProVerif and Extensions
Artificial Intelligence and Security
Abstract
Secure protocols are built on cryptographic algorithms, which provide a variety of secure services to realize secure communications in a network environment. To improve the quality of security protocols and ensure their reliability, sufficient ...
Verifying policy-based security for web services
CCS '04: Proceedings of the 11th ACM conference on Computer and communications security

WS-SecurityPolicy is a declarative configuration language for driving web services security mechanisms. We describe a formal semantics for WS-SecurityPolicy, and propose a more abstract link language for specifying the security goals of web services and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Programming Languages and Systems

ACM Transactions on Programming Languages and Systems Volume 31, Issue 1

December 2008

261 pages

ISSN:0164-0925

EISSN:1558-4593

DOI:10.1145/1452044

Issue’s Table of Contents

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 December 2008

Accepted: 01 January 2008

Received: 01 November 2007

Published in TOPLAS Volume 31, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

41
Total Citations
View Citations
996
Total Downloads

Downloads (Last 12 months)83
Downloads (Last 6 weeks)9

Reflects downloads up to 28 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Klenze TSprenger CBasin D(2023)IsaNetJournal of Computer Security10.3233/JCS-22002131:3(217-259)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.3233/JCS-220021
Arquint LSchwerhoff MMehta VMüller PMeng WJensen CCremers CKirda E(2023)A Generic Methodology for the Modular Verification of Security Protocol ImplementationsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623105(1377-1391)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623105
Nasrabadi FKünnemann RNemati HMeng WJensen CCremers CKirda E(2023)CryptoBap: A Binary Analysis Platform for Cryptographic ProtocolsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623090(1362-1376)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623090
Arquint LWolf FLallemand JSasse RSprenger CWiesner SBasin DMüller P(2023)Sound Verification of Security Protocols: From Design to Interoperable Implementations2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179325(1077-1093)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179325
Sivelle CDebbah LPuys MLafourcade PFranco-Rondisson T(2022)Automatic Implementations Synthesis of Secure Protocols and Attacks from Abstract ModelsSecure IT Systems10.1007/978-3-031-22295-5_13(234-252)Online publication date: 30-Nov-2022
https://dl.acm.org/doi/10.1007/978-3-031-22295-5_13
Barbosa MBarthe GBhargavan KBlanchet BCremers CLiao KParno B(2021)SoK: Computer-Aided Cryptography2021 IEEE Symposium on Security and Privacy (SP)10.1109/SP40001.2021.00008(777-795)Online publication date: May-2021
https://doi.org/10.1109/SP40001.2021.00008
Bhargavan KBichhawat ADo QHosseyni PKüsters RSchmitz GWürtele T(2021)$\text{DY}^{\star}$: A Modular Symbolic Verification Framework for Executable Cryptographic Protocol Code2021 IEEE European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP51992.2021.00042(523-542)Online publication date: Oct-2021
https://doi.org/10.1109/EuroSP51992.2021.00042
He XLiu QChen SHuang CWang DMeng B(2020)Analyzing Security Protocol Web Implementations Based on Model Extraction With Applied PI CalculusIEEE Access10.1109/ACCESS.2020.29716158(26623-26636)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.2971615
Babenko LPisarev IPopova EMakarevich OPopov DBabenko LBurnap PElçi APoet RVaidya JOrgun MGaur MShekhawat R(2019)Cryptographic protocols implementation security verification of the electronic voting system based on blind intermediariesProceedings of the 12th International Conference on Security of Information and Networks10.1145/3357613.3357641(1-5)Online publication date: 12-Sep-2019
https://dl.acm.org/doi/10.1145/3357613.3357641
Jackson DCremers CCohn-Gordon KSasse RCavallaro LKinder JWang XKatz J(2019)Seems LegitProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security10.1145/3319535.3339813(2165-2180)Online publication date: 6-Nov-2019
https://dl.acm.org/doi/10.1145/3319535.3339813
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents